How do you handle legal risk in today’s litigious world, when just one employee’s actions can cause damaging exposure for your company?
A corporate code of conduct is the solution. Also known as a code of ethics or corporate compliance, a code of conduct is essentially a company’s in-house constitution. It can motivate people and provide a common structure and rules on how to perform their jobs within the company’s mission and vision.
From purely an organizational standpoint, it’s important to have a document that specifies a company’s core values and aligns all employees with these values.
If you’re a small company e.g., with 10 to 15 people showing up daily and working alongside each other in the same building, everyone probably appreciates those values. But if you are a larger organization, with employees in different locations, maybe even globally, a code of conduct can help close the gaps.
Legally, corporate boards and executives owe a fiduciary responsibility to shareholders and the company itself to evaluate and manage risk. It’s simpler to manage risk with an internal tool, where the company can be alerted of breaches or allegations of misconduct.
Few companies ever believe that they’re going to get in trouble or violate the law. But companies can suffer criminal or civil legal exposure based on the conduct of just one employee. In today’s regulatory environment, many companies will experience some legal exposure, particularly in the civil environment.
For example, a complainant accuses someone at your company of sexual harassment. The complainant’s attorneys will ask for your code of conduct. You will lose face if you don’t have a code of conduct that deals with sexual harassment or provides employees with sexual harassment training.
Codes of conducts are not mysterious documents. You will not be exempted from legal exposure just because you have an existing code of conduct.
A good code of conduct usually specifies the company’s vision. An introductory statement and/or letter from the most senior executive can set the tone at the top, for example: “Here’s our code of conduct. It shows how we intend to do business, and here’s why you need to adhere to this code.”
The best codes are based on a comprehensive risk assessment of a company and structure the code to what the company does. For example, if you’re simply selling widgets locally, your code of conduct will be different than if you’re providing financial services to foreign governments.
At minimum, your code of conduct should address: What business is our company in? Who do we interface with? Where are we conducting business? What will be our approach to responsible business conduct? The main idea is to rank and classify the risk areas that affect your business and then manage that risk via your code of conduct.
The code also needs to specify reporting mechanisms (anonymous or third-party methods are the best) and disciplinary procedures for breaches of the code. Companies with robust codes of conduct often reward employees who identify issues or problems.
Furthermore, your code of conduct needs to be a live document, not a “paper tiger program” that is issued once and then forgotten about. Your code needs to be well-communicated and effectively implemented. If you have global employees, remember that these employees can still expose you to legal risk or expose management to severe sanctions. If you need to translate your code of conduct into Mandarin, Russian, Portuguese or Hindi, do it.
If employees see your CEO practicing commitment to this code in all of his or her activities, they get the message that it applies to them too. Inspiring employees to share your company’s values and ethics is so much easier than having a police officer show up at your office door one day.
Gregg Anderson is managing director of VisionQuest Management Services Ltd., a boutique management consulting company that provides strategy, governance, risk and compliance consulting services.